diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..9bed5c11f
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+To report security issues send an email to electrumdev@gmail.com.
+
+The following keys may be used to communicate sensitive information to developers:
+
+| Name | Fingerprint |
+|------|-------------|
+| ThomasV | 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6 |
+| SomberNight | 4AD6 4339 DFA0 5E20 B3F6 AD51 E7B7 48CD AF5E 5ED9 |
+
+You can import a key by running the following command with that
+individual’s fingerprint: `gpg --recv-keys "<fingerprint>"`
+Ensure that you put quotes around fingerprints containing spaces.
+
+These public keys can also be found in the Electrum git repository,
+in the top-level `pubkeys` folder.